Tempinbox.com
luny
youfucktard.com
Date: Sat Jun 10 2006 - 02:54:36 CDT
Tempinbox.com
Homepage:
http://www.tempinbox.com
Affected files:
checkmail.pl
Description:
Tempinbox.com is a free, throw-away, no-sending email service. You enter an account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanitized, so if a user were to put <IMG SRC=javascript:alert('XSS')> as a title or subject of an email, and then someone went to view it, an XSS attack could occur.
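Added example (not part of the original post, and not the site's code, which is not shown here): a Python sketch of the mitigation, HTML-encoding the decoded Subject and From headers when the inbox row is rendered, with the unescaped form beside it for contrast. The function names, the table markup and the sample messages are assumptions constructed for illustration.

```python
import base64
import html
from email import message_from_string
from email.header import decode_header, make_header

# Subject value quoted in the advisory, used here only as test input.
PAYLOAD = "<IMG SRC=javascript:alert('XSS')>"

# Constructed sample messages. The second carries the same subject as an
# RFC 2047 encoded-word: it contains no '<' on the wire and only becomes
# markup after header decoding, so filtering the raw header is not enough.
RAW_PLAIN = f"From: sender@example.test\nSubject: {PAYLOAD}\n\nbody\n"
RAW_ENCODED = (
    "From: sender@example.test\n"
    f"Subject: =?utf-8?b?{base64.b64encode(PAYLOAD.encode()).decode()}?=\n"
    "\nbody\n"
)


def decoded_header(raw_message: str, name: str) -> str:
    """Return a header as display text, with encoded-words decoded."""
    msg = message_from_string(raw_message)
    return str(make_header(decode_header(msg.get(name, ""))))


def render_row_unsafe(raw_message: str) -> str:
    """Behaviour the advisory describes: header text dropped into HTML as-is."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        decoded_header(raw_message, "From"),
        decoded_header(raw_message, "Subject"),
    )


def render_row(raw_message: str) -> str:
    """Hardened form: decode first, then HTML-encode at the point of output."""
    sender = html.escape(decoded_header(raw_message, "From"), quote=True)
    subject = html.escape(decoded_header(raw_message, "Subject"), quote=True)
    return f"<tr><td>{sender}</td><td>{subject}</td></tr>"


if __name__ == "__main__":
    for raw in (RAW_PLAIN, RAW_ENCODED):
        print("unsafe:", render_row_unsafe(raw))
        print("safe:  ", render_row(raw))
```

The same rule applies to every other message field the page echoes, including the body when it is shown as HTML.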